package com.qf.config.security;

import com.qf.security.FengmiBasicAuthenticationFilter;
import com.qf.security.MyAccessDenied;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * <p>title: com.qf.config.security</p>
 * <p>Company: wendao</p>
 * author zhuximing
 * date 2021/9/23
 * description: springsecurity配置类
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private MyAccessDenied  accessDenied ;



    //配置静态资源放行，主要放行swagger静态资源
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
            "/swagger-ui.html/**","/css/**","/images/**","/plugins/**","/webjars/**","/swagger-resources/**"
            ,"/v2/**"
        );
    }


    //配置系统资源（除了静态资源）的访问规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            //登录请求必须放行
            .antMatchers("/user/login","/user/verify").permitAll()
            //除了以上资源，剩下的http资源都必须登录后才能访问
            .anyRequest().authenticated();


        //关闭csrf过滤器
        http.csrf().disable();


        //配置自定义的过滤器
        http.addFilter(new FengmiBasicAuthenticationFilter(authenticationManager()));


        //自定义的accessdenied异常处理
        http.exceptionHandling().accessDeniedHandler(accessDenied);

        //解决跨域问题
        http.cors();
    }


}